MAL-2026-871 Malicious code in envoy1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f06e472b4bdab1dd15a395732da65c1814588afb9acec484f386061ec9c16b3c The package envoy1 was found to contain malicious code. Source: ghsa-malware 877dda74ff1a6579d4bd819a2f752baae0c5f7972ae585756a93dceb01dd57af Any...

Malicious code in ether-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fd63bfdad336609f23485d2ef2ac2140053efbfb31aa2bec1811be7139db95 The package ether-lint was found to contain malicious code. Source: ghsa-malware c8e14ef98aaca0dc035a27f9edd6286e29e73d16c2b4e7c98ab1afe1e4740e35 Any...

Pentora

Pentora v1.0 Pentora is a terminal-first web vulnerability...

Exploit for CVE-2026-20841

Purpose The purpose of this work is to investigate the RCE vul...

MAL-2026-848 Malicious code in npm_cimetadata (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d7a7d39465b33d104fa6608118d45f3077d7a603292dd367135788a47e182d The package npmcimetadata was found to contain malicious code. Source: ossf-package-analysis...

[SECURITY] Fedora 42 Update: rust-dua-cli-2.32.2-3.fc42

A tool to conveniently learn about the disk usage of directories, fast!...

[SECURITY] Fedora 42 Update: bustle-0.12.0-4.fc42

Bustle draws sequence diagrams of D-Bus activity, showing signal emissions, method calls and their corresponding returns, with timestamps for each individual event and the duration of each method call. This can help you check for unwanted D-Bus traffic, and pinpoint why your D-Bus-based applicati...

Security Assessment of Intel TDX with Support for Live Migration

In the second and third quarters of 2025, Google collaborated with Intel to conduct a security assessment of Intel Trust Domain Extensions TDX, extending Google's previous review and covering major changes since Intel TDX Module 1.0 - namely support for Live Migration and Trusted Domain TD...

SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration

The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification,...

Multi Layer Protection against Low Rate DDoS Attacks in Containerized Systems

Low rate Distributed Denial of Service DDoS attacks have emerged as a major threat to containerized cloud infrastructures. Due to their low traffic volumes, these attacks can be difficult to detect and mitigate, potentially causing serious harm to internet applications. This work proposes a DDoS...

CVE-2025-7432

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

MAL-2026-839 Malicious code in search-newfrontier-podlet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6e41804eeb58691ca7b68763c0db9e48636ffeb9d7020d95bbc9d9e9aec6e76 The package search-newfrontier-podlet was found to contain malicious code. Source: ossf-package-analysis...

VOID

VOID ██╗ ██╗ ██████╗ ██╗██████╗ ██║ ██║██╔═══██╗██║█...

Exposure Management vs Vulnerability Management: Key Differences

Is your security program truly reducing risk, or is it just getting really good at patching? This question is at the heart of the exposure management vs vulnerability management debate. A traditional approach can tell you that a door has a weak lock, but it can't tell you if that door leads to a...

[SECURITY] Fedora 43 Update: rust-resctl-bench-2.2.5-10.fc43

resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...

Rethinking Security of Diffusion-Based Generative Steganography

Generative image steganography is a technique that conceals secret messages within generated images, without relying on pre-existing cover images. Recently, a number of diffusion model-based generative image steganography DM-GIS methods have been introduced, which effectively combat traditional...

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

Optical Probing of Readback CRC Bus

Revisions Revision Date| Description ---|--- 2026-02-10| Initial publication...

CVE-2025-7432

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...

CVE-2025-7432 DPA countermeasures not reseeded under certain conditions

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack...